160 lines
4.7 KiB
Diff
160 lines
4.7 KiB
Diff
From 59b3f0832626fecebef66326b5316dbd10e482e0 Mon Sep 17 00:00:00 2001
|
|
From: haozi007 <liuhao27@huawei.com>
|
|
Date: Sat, 15 Oct 2022 14:53:50 +0800
|
|
Subject: [PATCH 07/39] add check for aes apis
|
|
|
|
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
|
---
|
|
src/utils/cutils/namespace.c | 3 +--
|
|
src/utils/cutils/utils_aes.c | 48 ++++++++++++++++++++++++++++++------
|
|
src/utils/cutils/utils_aes.h | 2 +-
|
|
3 files changed, 43 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/src/utils/cutils/namespace.c b/src/utils/cutils/namespace.c
|
|
index 2916c8bb..dc2fe810 100644
|
|
--- a/src/utils/cutils/namespace.c
|
|
+++ b/src/utils/cutils/namespace.c
|
|
@@ -20,9 +20,8 @@
|
|
|
|
char *namespace_get_connected_container(const char *mode)
|
|
{
|
|
- const char *p = mode != NULL ? (mode + strlen(SHARE_NAMESPACE_PREFIX)) : NULL;
|
|
-
|
|
if (namespace_is_container(mode)) {
|
|
+ const char *p = mode + strlen(SHARE_NAMESPACE_PREFIX);
|
|
return util_strdup_s(p);
|
|
}
|
|
|
|
diff --git a/src/utils/cutils/utils_aes.c b/src/utils/cutils/utils_aes.c
|
|
index 9e318b5b..1e25ecd3 100644
|
|
--- a/src/utils/cutils/utils_aes.c
|
|
+++ b/src/utils/cutils/utils_aes.c
|
|
@@ -28,12 +28,17 @@
|
|
#include "utils.h"
|
|
#include "utils_file.h"
|
|
|
|
-int util_aes_key(char *key_file, bool create, unsigned char *aeskey)
|
|
+int util_aes_key(const char *key_file, bool create, unsigned char *aeskey)
|
|
{
|
|
char *key_dir = NULL;
|
|
int fd = 0;
|
|
int ret = 0;
|
|
|
|
+ if (key_file == NULL || aeskey == NULL) {
|
|
+ ERROR("Invalid arguments");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
if (!util_file_exists(key_file)) {
|
|
if (!create) {
|
|
ERROR("init aes failed, file %s not exist", key_file);
|
|
@@ -102,6 +107,11 @@ size_t util_aes_encode_buf_len(size_t len)
|
|
return AES_256_CFB_IV_LEN + util_aes_decode_buf_len(len);
|
|
}
|
|
|
|
+static bool invalid_ase_args(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char **out)
|
|
+{
|
|
+ return aeskey == NULL || out == NULL || bytes == NULL || len == 0;
|
|
+}
|
|
+
|
|
int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char **out)
|
|
{
|
|
int ret = 0;
|
|
@@ -110,22 +120,34 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
|
|
int size = 0;
|
|
int expected_size = len;
|
|
unsigned char *iv = NULL;
|
|
+ EVP_CIPHER_CTX *ctx = NULL;
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
const EVP_CIPHER *cipher = EVP_aes_256_ofb();
|
|
#else
|
|
const EVP_CIPHER *cipher = EVP_aes_256_cfb();
|
|
#endif
|
|
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
|
|
|
- if (ctx == NULL || cipher == NULL) {
|
|
+ if (cipher == NULL) {
|
|
ERROR("EVP init failed");
|
|
return -1;
|
|
}
|
|
|
|
+ if (invalid_ase_args(aeskey, bytes, len, out)) {
|
|
+ ERROR("Invalid arguments");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ ctx = EVP_CIPHER_CTX_new();
|
|
+ if (ctx == NULL) {
|
|
+ ERROR("Ctx create failed");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
*out = util_common_calloc_s(util_aes_encode_buf_len(len) + 1);
|
|
if (*out == NULL) {
|
|
ERROR("out of memory");
|
|
- return -1;
|
|
+ ret = -1;
|
|
+ goto out;
|
|
}
|
|
iv = *out;
|
|
|
|
@@ -192,27 +214,39 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
|
|
int size = 0;
|
|
int expected_size = 0;
|
|
unsigned char *iv = NULL;
|
|
+ EVP_CIPHER_CTX *ctx = NULL;
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
const EVP_CIPHER *cipher = EVP_aes_256_ofb();
|
|
#else
|
|
const EVP_CIPHER *cipher = EVP_aes_256_cfb();
|
|
#endif
|
|
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
|
|
|
- if (ctx == NULL || cipher == NULL) {
|
|
+ if (cipher == NULL) {
|
|
ERROR("EVP init failed");
|
|
return -1;
|
|
}
|
|
|
|
+ if (invalid_ase_args(aeskey, bytes, len, out)) {
|
|
+ ERROR("Invalid arguments");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
if (len <= AES_256_CFB_IV_LEN) {
|
|
ERROR("Invalid aes length, it must be larger than %d", AES_256_CFB_IV_LEN);
|
|
return -1;
|
|
}
|
|
|
|
+ ctx = EVP_CIPHER_CTX_new();
|
|
+ if (ctx == NULL) {
|
|
+ ERROR("Ctx create failed");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
*out = util_common_calloc_s(util_aes_decode_buf_len(len) + 1);
|
|
if (*out == NULL) {
|
|
ERROR("out of memory");
|
|
- return -1;
|
|
+ ret = -1;
|
|
+ goto out;
|
|
}
|
|
|
|
iv = bytes;
|
|
diff --git a/src/utils/cutils/utils_aes.h b/src/utils/cutils/utils_aes.h
|
|
index d429c9e0..476fea65 100644
|
|
--- a/src/utils/cutils/utils_aes.h
|
|
+++ b/src/utils/cutils/utils_aes.h
|
|
@@ -27,7 +27,7 @@ extern "C" {
|
|
#define AES_256_CFB_KEY_LEN 32
|
|
#define AES_256_CFB_IV_LEN 16
|
|
|
|
-int util_aes_key(char *key_path, bool create, unsigned char *aeskey);
|
|
+int util_aes_key(const char *key_path, bool create, unsigned char *aeskey);
|
|
|
|
// note: Input bytes is "IV+data", "bytes+AES_256_CFB_IV_LEN" is the real data to be encoded.
|
|
// The output length is the input "len" and add the '\0' after end of the length.
|
|
--
|
|
2.25.1
|
|
|